On 12/07/2023 04:34, Kampanakis, Panos wrote:
Thanks Dennis. Your answers make sense.
Digging a little deeper on the benefit of compressing (a la Abridged Certs
draft) the leaf cert or not. Definitely this draft improves vs plain
certificate compression, but I am trying to see if it is worth the complexity
of pass 2. So, section 4 shows a 2.5KB improvement over plain compression which
would be even more significant for Dilithium certs, but I am trying to find if
the diff between ICA suppression/Compression vs ICA
suppression/Compression+leaf compression is significant.

I am arguing that the table 4 numbers would be much different when talking
about Dilithium certs because all of these numbers would be inflated and any
compression would have a small impact. Replacing a CA cert (no SCTs) with a
dictionary index would save us ~4KB (Dilithium2) or 5.5KB (Dilithium3). That is
significant.

Compressing the leaf (of size 8-9KB (Dilithium2) or 11-12 KB (Dilithium3))
using any mechanism would trim down ~0.5-1KB compared to not compressing. That
is because the PK and Sig can't be compressed and these account for most of the
PQ leaf cert size. So, I am trying to see if pass 2 and compression of the leaf
cert benefit us much.

I think there's a fairly big difference between suppressing CA certs in
SCA and compressing CA certs with pass 1 of this draft. But I do agree
it's fair to ask if pass 2 is worth the extra effort.
The performance benefit isn't purely in the ~1KB saved, it's whether it
brings the chain under the QUIC amplification limit or shaves off an
additional packet and so avoids a loss+retry. There's essentially no
difference in implementation complexity, literally just a line of code,
so the main tradeoff is the required disk space on the client & server.
Best,
Dennis
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
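
Added example, not part of the original thread or of the Abridged Certs draft: a small model of the point discussed above, that the key and signature bytes of a PQ leaf do not shrink under generic compression while the remaining fields do, and that the saving matters when it crosses a packet boundary. Assumptions: key and signature material is modelled as random bytes, the leaf carries two SCTs, the structured fields are a constructed stand-in (not real DER), and 1200 bytes is an assumed datagram payload.

```python
import random
import zlib

# Dilithium public-key and signature sizes in bytes (round-3 parameter sets).
SIZES = {"Dilithium2": (1312, 2420), "Dilithium3": (1952, 3293)}

# Constructed stand-in for a leaf's non-cryptographic fields (names, validity,
# extension URLs). It is not a real DER encoding and not sized to a real cert.
STRUCTURED = b";".join([
    b"subject=CN=www.example.com,O=Example Org,C=US",
    b"issuer=CN=Example Issuing CA 1,O=Example Trust Services,C=US",
    b"notBefore=2023-07-01T00:00:00Z",
    b"notAfter=2023-09-29T23:59:59Z",
    b"san=www.example.com,example.com,api.example.com",
    b"ocsp=http://ocsp.pki.example.com/issuing-ca-1",
    b"caIssuers=http://certs.pki.example.com/issuing-ca-1.crt",
    b"crl=http://crl.pki.example.com/issuing-ca-1.crl",
    b"policy=http://cps.pki.example.com/policy",
])


def saved(data: bytes) -> int:
    """Bytes saved by zlib at its highest level (negative means it grew)."""
    return len(data) - len(zlib.compress(data, 9))


def leaf_breakdown(param: str, scts: int = 2, seed: int = 0) -> dict:
    """Model a PQ leaf as structured fields plus key and signature bytes.

    Assumptions: key/signature bytes are uniformly random, and the leaf
    carries `scts` SCTs, each with one signature of the same scheme.
    """
    pk, sig = SIZES[param]
    rng = random.Random(seed)
    crypto = bytes(rng.getrandbits(8) for _ in range(pk + sig * (1 + scts)))
    leaf = STRUCTURED + crypto
    return {"leaf_bytes": len(leaf), "leaf_saved": saved(leaf),
            "structured_saved": saved(STRUCTURED), "crypto_saved": saved(crypto)}


def packets(size: int, payload: int = 1200) -> int:
    """Datagrams needed for `size` bytes; 1200 is an assumed payload size."""
    return -(-size // payload)


if __name__ == "__main__":
    for name in SIZES:
        b = leaf_breakdown(name)
        print(name, b, packets(b["leaf_bytes"]),
              packets(b["leaf_bytes"] - b["leaf_saved"]))
```
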